Solved

How to involve IP address and/or Mac address in NAT rule

Posted on 2004-10-06
1
220 Views
Last Modified: 2010-08-05
My server (Linux redhat) is providing NAT service to my LAN using this rule

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

eth0 is my LAN card interface
eth1 is the public LAN card interface

My question is how to provide NAT service only to one LAN workstation (192.168.0.8) and involve MAC address in this rule to avoid internal hackers using that IP.

Thanks to you all !
0
Comment
Question by:diordonez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
mburdick earned 250 total points
ID: 12243929
While you can accomplish what you want easily, you should be warned that you aren't adding much security to your network.

If a user is smart enough to hard-code an IP to get access, it's likely that they can also override the MAC on their NIC as well. And, your security controls still don't stop them.

A sample of an IPTABLES rule that allows you to integrate a source MAC is:

-A FORWARD -s 172.20.20.11  -i eth0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question